[Dshield] IH Policy for third party webhosts?

Mrcorp mrcorp at yahoo.com
Mon Mar 14 18:46:23 GMT 2005

Great question!  I love these...

I start with SLA (Service Level Agreements).  These outline your expectations of the service you
are provided.  For example, in this specific scenario, I would include notification of impact to
service, escalation process, and etc.  

Next, I would include a required audit by your folks in audit, or if a smaller org, by yourself. 
Most third parties today understand this.  

I also require third parties to have a certification of some sort.  Such as ISO or BS7799.  This
is sometimes very difficult, but is very helpful when you know they meet specific requirements.

I do have some policy work on this as well that will be up on my site later this
week.(www.infosecwriters.com)  I also have a worksheet that I require to have completed when
evaluating vendors or service providers.  I would be willing to share this, just contact me off


--- warwick ackfin <warwick7th at gmail.com> wrote:
> I have a situation where a client's website and webapplications are
> hosted by a third party in another country.  Recently they have
> experienced prolonged unscheduled downtime and the webhost is tell me
> that there was an attack of some sort but will not go into further
> detail.
> This isn't your regular webhost and my client has a contract with
> certain expectations wired into it.  Unfortunately, the contract is
> devoid of any incident handling measures expected of the webhost such
> as sharing of log information and attack characteristics.
> Has anyone out there found themselves in the same nightmarish
> predicament?  If so, what types of things did you include in the
> policy?
> I want to be mindful of the webhosts security posture and the need to
> protect their own perimeter.  I know I can't ask for all the IDS /
> Firewall logs but I should be able to request grepped logs pertaining
> to my client's environment right?
> ....and for the record...the idea of halting the SANS practicals is a
> very VERY bad one...
> http://www.giac.org/practicals/termination.php
> --Warwick
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list